Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
9661 2023-08-08 09:21 BR.exe
1c7a29f48b56d6e89620c0c55d515095
Themida Packer Generic Malware UPX .NET EXE PE File PE32 Browser Info Stealer Malware download VirusTotal Malware Check memory Checks debugger unpack itself Checks Bios Collect installed applications Detects VMWare VMware anti-virtualization installed browsers check SectopRAT Windows Browser Backdoor ComputerName Remote Code Execution Firmware DNS Cryptographic key crashed
1 1 9.4 M 36 ZeroCERT

9662 2023-08-08 09:19 fotod360.exe
de76c534160e914236dd0a7a0e9cb68f
Gen1 Emotet Amadey UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
4 3 13 3 16.2 M ZeroCERT

9663 2023-08-08 09:17 5.exe
82cf051811579ee4f1d9978af52f12db
Emotet Generic Malware UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB Check memory Check virtual network interfaces Tofsee
1 3 1 1.8 M 15 ZeroCERT

9664 2023-08-08 09:16 logszx.doc
2c6c2c3fbdd819ee45b543d6632f842f
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit crashed
3.2 M 31 ZeroCERT

9665 2023-08-08 09:16 foto4060.exe
154cfd11c188d2d5b6b2aef4c5b36f13
Gen1 Emotet Amadey RedLine Infostealer RedLine stealer Browser Login Data Stealer SmokeLoader UPX Malicious Library Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Confuser .NET Malicious Packer CAB PE File PE32 OS Processor Check DLL .NET EXE Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check human activity check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed Downloader
8 5 16 5 17.8 M ZeroCERT

9666 2023-08-08 09:15 OLMAPI32.dll
09a9e1b03f7d7de4340bc5f9e656b798
Generic Malware UPX Malicious Library OS Processor Check DLL PE File PE32 VirusTotal Malware MachineGuid unpack itself Checks Bios sandbox evasion anti-virtualization ComputerName
3.0 49 ZeroCERT

9667 2023-08-08 09:14 ChromeSetup.exe
5a08ba81444a3984161787236f58f064
AgentTesla Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
2 2 13.2 ZeroCERT

9668 2023-08-08 09:12 bbb.exe
8834150bb6738dd7d34f5fc406d306da
AgentTesla .NET framework(MSIL) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
2 2 10.4 M 37 ZeroCERT

9669 2023-08-08 09:12 s64cmd.dll
79c80f6c916250dfad7f433e1ff950ee
Malicious Library VMProtect DLL PE64 PE File VirusTotal Malware Checks debugger unpack itself DNS
1 4.0 M 21 ZeroCERT

9670 2023-08-07 18:39 Rhay_92.exe
664bffe24693a7575ffcdaf2e33d6188
UPX Malicious Packer OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution
2.0 M 22 ZeroCERT

9671 2023-08-07 18:37 sdnaumaosm.exe
4c224ad23e402d58bbd23023bf883dc0
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution
2.2 M 42 ZeroCERT

9672 2023-08-07 18:37 plugin_2023-08-06_15-05.exe
c51b336b579c7d162f5c1c5ff4ce5599
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution
2.2 M 44 ZeroCERT

9673 2023-08-07 18:35 somefile.exe
54631210ad8202513b794956c59e67a7
UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 5 11.6 M 29 ZeroCERT

9674 2023-08-07 18:34 AmpulesUnweened.exe
b6e604a44fada526ffdff314ba34953d
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution
2.2 M 43 ZeroCERT

9675 2023-08-07 18:33 enterprise-build.lnk
8dd882606c4b8a4b711ff858259694ed
Generic Malware Antivirus AntiDebug AntiVM GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
4.8 14 ZeroCERT